Already read about XPATH injection, read many thread.
I think the original query is simple like IF username AND password TRUE then login, but the mission is login with realname ‘Sandra Murphy’ , okay we just have realname only without username and password, probably we can inject the username section with TRUE condition and mix with realname criteria. lets assume users table have id,username,password, and realname.
i have try
username : x' or ‘1’=‘1’ or realname/text()=‘Sandra Murphy
password : x’ or ‘1’=‘1
but still no luck within 60 attemps LoL (with many inject variation)
whats wrong with my logic ? hope anyone help me.